US20140123278A1 - Denial-of-service attack protection - Google Patents
- Publication number: US20140123278A1 (application US13/662,023)
- Authority: US (United States)
- Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1458—Denial of Service
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/554—Detecting local intrusion or implementing counter-measures involving event detection and direct action
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L45/00—Routing or path finding of packets in data switching networks
- H04L45/52—Multiprotocol routers
Abstract
Description
- The present disclosure relates generally to computer networks, and, more particularly, to denial-of-service (DOS) attack protection for computer networks.
- In the case of a denial-of-service attack, many things need to be done at the various nodes/devices (e.g., routers, switches, etc.) in the network to protect the network and the nodes/devices. Some actions will require an analysis of the DOS attack and, thus, specific command-line interface (CLI) actions. However, these actions take time for both the analysis and entering CLI. At times, the DOS attack is such that the CLI hardly responds and the counter measures take too long to apply. There are also some actions that can be taken blindly to “raise the shield” and protect the network, such as throttling more punted packets, throttling the multicast operations, stopping IPv6 neighbor discovery (ND) and address resolution protocol (ARP) lookups, giving greater precedence to CLI, etc.
- The embodiments herein may be better understood by referring to the following description in conjunction with the accompanying drawings in which like reference numerals indicate identically or functionally similar elements, of which:
- FIG. 1 illustrates an example communication network;
- FIG. 2 illustrates an example network node/device; and
- FIG. 3 illustrates an example simplified procedure for protecting computer networks from denial-of-service attacks.
- According to one or more embodiments of the disclosure, a device detects a denial-of-service attack and generates a message in response to the detection of the denial-of-service attack. The message can then be virally distributed to a plurality of subscribed devices or posted for review by other devices.
- A computer network is a geographically distributed collection of nodes interconnected by communication links and segments for transporting data between end nodes, such as personal computers and workstations, or other devices, such as servers, routers, switches, sensors, etc. Many types of networks are available, with the types ranging from local area networks (LANs) to wide area networks (WANs). LANs typically connect the nodes over dedicated private communications links located in the same general physical location, such as a building or campus. WANs, on the other hand, typically connect geographically dispersed nodes over long-distance communications links, such as common carrier telephone lines, optical lightpaths, synchronous optical networks (SONET), synchronous digital hierarchy (SDH) links, or Powerline Communications (PLC) such as IEEE 61334, IEEE P1901.2, and others.
- A wireless network, in particular, is a type of shared media network where a plurality of nodes communicate over a wireless medium, such as using radio frequency (RF) transmission through the air. For example, a Mobile Ad-Hoc Network (MANET) is a kind of wireless ad-hoc network, which is generally considered a self-configuring network of mobile routes (and associated hosts) connected by wireless links, the union of which forms an arbitrary topology.
- FIG. 1 is a schematic block diagram of an example simplified computer network 100 illustratively comprising nodes/devices 200 (e.g., labeled as shown, 11, 22, 33, and 44), which can be interconnected by various methods of communication. For instance, links 105 may be wired links or shared media (e.g., wireless links) where certain nodes/devices 200, such as, e.g., servers, routers, sensors, switches, computers, etc., may be in communication with other nodes/devices 200, e.g., based on distance, signal strength, current operational status, location, etc. Those skilled in the art will understand that any number of nodes/devices, links, etc. may be used in the network, and that the view shown herein is for simplicity. Also, those skilled in the art will further understand that while computer network 100 is shown in a certain orientation, computer network 100 is merely an example illustration that is not meant to limit the disclosure.
- Data packets 140 may be exchanged among nodes/devices 200 of computer network 100 using predefined network communication protocols such as certain known wired protocols, wireless protocols, or other protocols where appropriate. In this context, a protocol consists of a set of rules defining how the nodes/devices 200 interact with each other.
- FIG. 2 is a schematic block diagram of an example node/device 200 that may be used with one or more embodiments described herein, e.g., as any of the nodes/devices 200 shown in FIG. 1 above. The node/device 200 may comprise one or more network interfaces 210 (e.g., wired, wireless), at least one processor 220, and a memory 240, all interconnected by a system bus 250, and powered by a power supply 260.
- The network interface(s) 210 comprise the mechanical, electrical, and signaling circuitry for communicating data over links 105 coupled to computer network 100. The network interfaces may be configured to transmit and/or receive data using a variety of different communication protocols. Note, further, that the nodes may have two different types of network connections 210, e.g., wireless and wired/physical connections, and that the view herein is merely for illustration.
- The memory 240 comprises a plurality of storage locations that are addressable by processor 220 and network interfaces 210 for storing software programs and data structures associated with the embodiments described herein. Processor 220 may comprise hardware elements or hardware logic adapted to execute the software programs and manipulate data structures 245. An operating system 242, such as the Internetwork Operating System or IOS® available from Cisco Systems, Inc. of San Jose, Calif., portions of which are typically resident in memory 240 and executed by processor 220, functionally organizes the device by, inter alia, invoking operations in support of software processes and/or services executing on the device. These software processes and/or services may comprise routing process/services 244 and an illustrative DOS alert process 246, as described herein. Note that while routing process 244 and DOS alert process 246 are shown in centralized memory 240, certain embodiments provide for the processes (or portions thereof) to be specifically operated within the network interfaces 210.
- It will be apparent to those skilled in the art that other processor and memory types, including various computer-readable media, may be used to store and execute program instructions pertaining to the techniques described herein. Also, while the description illustrates various processes, it is expressly contemplated that various processes may be embodied as modules configured to operate in accordance with the techniques herein (e.g., according to the functionality of a similar process). Further, while the processes have been shown separately, those skilled in the art will appreciate that processes may be routines or modules within other processes.
- Routing process (services) 244 comprises computer executable instructions executed by processor 220 to perform functions provided by one or more routing protocols, such as proactive or reactive routing protocols as will be understood by those skilled in the art. These functions may, on capable devices, be configured to manage a routing/forwarding table (a data structure 245) used to make routing/forwarding decisions for data packets. In particular, in proactive routing, connectivity is discovered and known prior to computing routes to any destination in the network, e.g., link state routing such as Open Shortest Path First (OSPF), Intermediate-System-to-Intermediate-System (ISIS), or Optimized Link State Routing (OLSR). Reactive routing, on the other hand, discovers neighbors (i.e., does not have an a priori knowledge of network topology), and in response to a needed route to a destination, sends a route request into the network to determine which neighboring node may be used to reach the desired destination.
- As noted above, in the case of a denial-of-service attack, many things need to be done at the various nodes/devices in the network to protect the network and the nodes/devices. Some actions will require an analysis of the DOS attack and, thus, specific command-line interface (CLI) actions. There are also some actions that can be taken blindly to “raise the shield” and protect the network, such as throttling more punted packets (i.e., extracted from the hardware forwarding and passed to software), throttling the multicast operations, stopping IPv6 ND and address resolution protocol (ARP) lookups, giving greater precedence to CLI, etc.
- The techniques herein provide a single point of notification and control for any process that can take action to protect a network against a DOS attack or overload detection. Illustratively, the techniques described herein may be performed by hardware, software, and/or firmware, which may contain computer executable instructions executed by the processor 220 (or independent processor of interfaces 210) to perform functions relating to the techniques described herein.
- Operationally, an alert is generated, either automatically or manually, when a DOS attack is detected. For manual systems, once an administrator or user detects the DOS attack, the alert can be generated through a simple CLI for older IOS platforms, like “DOS” in privileged mode, an icon on a desktop, voice recognition software, or an actual button that a user can press when the user detects a DOS attack. Access to the CLI is often compromised when a system is highly loaded from a DOS attack; therefore, when an alert is generated, the CLI precedence can be raised and the watchdog time can be lowered. For automated systems, a DOS attack can be detected through software (e.g., monitoring network traffic or a breach attempt) or through hardware (e.g., monitoring the temperature of a computer room or the heat output of a device or system, monitoring the use of backup power, monitoring for physical intrusion, or monitoring for hard disk or cooling vibrations) and the alert automatically generated when a DOS attack is detected. One possible source of traffic and/or heat overload may be the amount of packets punted. The automated alert can be generated by a designated device and sent to device 11, or the traffic analyzer and/or thermometer can be integral to device 11. In addition, the DOS attack monitoring could have various levels of DOS attack detection probability (e.g., suspected, probable, certain, etc.) and can generate a specific alert based on the level of probability, which could be used to generate different DOS messages, as described below.
- However the alert is generated, the alert is received by DOS alert process 246 of a device 200 (e.g. device 11) when a DOS attack is detected. When the alert is received, alert process 246 generates a DOS message and virally distributes the DOS message over a content delivery platform (CDP) or other similar service to all other devices 200 (e.g. devices 22, 33, and 44) that have registered with device 11 to receive DOS messages. For example, in IOS the DOS message could be a reg_invoke. Alternatively, the DOS message can be posted or saved to a known location that external devices or internal systems can monitor for DOS messages. The DOS message can contain information that an alert has been detected and instructions on what actions should be taken upon receipt of the DOS message. For example, in the context of IPv6 First Hop Security (FHS), FHS can block lookups for new addresses, throttle multicast over wireless and packets punted to CPU, and/or throttle multicast flows. In addition, predefined operations can be scripted (e.g., install a restrictive certified output protection protocol (COPP) policy) that can be installed automatically when an alert is received. As discussed above, the alert received by DOS alert process 246 could vary based on the probability of the DOS attack. Based on the probability of attack in the alert, DOS alert process 246 could generate different DOS messages having various information and instructions depending on the probability of attack.
- Once the DOS message is received by the devices 200 that have registered, or retrieved from the monitored location, the devices 200 execute the instructions contained in the DOS message to protect the devices 200 and the network from the DOS attack.
- FIG. 3 illustrates an example simplified procedure for DOS attack protection for computer networks in accordance with one or more embodiments described herein. The procedure may start at Step 300, where a DOS attack is detected. As described above, a DOS attack could be manually detected by an administrator or user monitoring the network or could be automatically detected using a traffic analyzer, thermometer, etc.
- Once a DOS attack has been detected, at Step 310 an alert is generated that notifies a control device 200 (e.g. device 11) in the network of the detected DOS attack. As described above, for manual systems the alert can be generated through commands entered through CLI, selection of an icon on a desktop, voice commands through voice recognition software, or can even be an actual button (virtual or physical) that is pressed by a user. For automated systems, the alert can be automatically generated by the traffic analyzer or other system/device that detects the DOS attack. At Step 320, the alert is then received by the control device.
- In systems where an operator generates the alert on the control device or the DOS attack is detected by the control device, Steps 310 and 320 can be eliminated as the control device is generating the alert itself.
- Once the control device receives an alert, or detects the DOS attack itself, at Step 330 a DOS message is generated and the DOS message is virally distributed to other devices 200 (e.g. devices 22, 33, and 44) in the network at Step 340. Alternatively, at Step 340, the DOS message can be posted to a known location that is monitored by external devices and/or internal systems, rather than sending the DOS message.
- At Step 350 the other devices in the network receive and/or retrieve the DOS message and execute the instructions contained in the DOS message at Step 360.
- It should be noted that while certain steps may be optional as described above, the steps shown in FIG. 3 are merely examples for illustration, and certain other steps may be included or excluded as desired. Further, while a particular order of the steps is shown, this ordering is merely illustrative, and any suitable arrangement of the steps may be utilized without departing from the scope of the embodiments herein.
- While there have been shown and described illustrative embodiments that provide for denial-of-service attack protection for computer networks, it is to be understood that various other variations, adaptations and modifications may be made within the spirit and scope of the embodiments herein, with the attainment of some or all of their advantages. For instance, it is expressly contemplated that the components and/or elements described herein can be implemented as software being stored on a tangible (non-transitory) computer-readable medium (e.g., disks/CDs/RAM/EEPROM/etc.) having program instructions executing on a computer, hardware, firmware, or a combination thereof. Accordingly this description is to be taken only by way of example and not to otherwise limit the scope of the embodiments herein. Therefore, it is the object of the appended claims to cover all such variations and modifications as come within the true spirit and scope of the embodiments herein.
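As an added illustration (not code from the patent or from Cisco), the Python below simulates the FIG. 3 procedure: an automated punt-rate detector yields a detection probability, the control device's DOS alert process turns the alert into a DOS message whose "raise the shield" instructions depend on that probability, the message is pushed to registered devices and also posted to a known location for polling, and every receiver applies each message once even if it arrives by both paths. All device names, thresholds and the probability-to-instruction mapping are constructed for the example.

```python
import itertools
from dataclasses import dataclass
from enum import IntEnum
from typing import List, Optional, Set, Tuple


class Probability(IntEnum):
    SUSPECTED = 1
    PROBABLE = 2
    CERTAIN = 3


# "Raise the shield" actions named in the description. Which ones a DOS
# message carries for a given probability is a constructed illustration.
ACTIONS_BY_LEVEL = {
    Probability.SUSPECTED: ("raise_cli_precedence", "lower_watchdog_time"),
    Probability.PROBABLE: ("raise_cli_precedence", "lower_watchdog_time",
                           "throttle_punted_packets", "throttle_multicast"),
    Probability.CERTAIN: ("raise_cli_precedence", "lower_watchdog_time",
                          "throttle_punted_packets", "throttle_multicast",
                          "block_nd_arp_lookups_for_new_addresses",
                          "install_restrictive_copp_policy"),
}


def classify_punt_rate(punts_per_sec: float, baseline: float) -> Optional[Probability]:
    """Automated detector (Step 300): compare the rate of packets punted from
    hardware forwarding to software against a learned baseline.
    The x2 / x4 / x10 thresholds are constructed, not from the patent."""
    if baseline <= 0:
        raise ValueError("baseline must be positive")
    ratio = punts_per_sec / baseline
    if ratio >= 10:
        return Probability.CERTAIN
    if ratio >= 4:
        return Probability.PROBABLE
    if ratio >= 2:
        return Probability.SUSPECTED
    return None


@dataclass(frozen=True)
class Alert:
    source: str              # e.g. traffic analyzer, thermometer, operator CLI
    probability: Probability
    detail: str


@dataclass(frozen=True)
class DosMessage:
    msg_id: int              # lets receivers deduplicate push + poll delivery
    alert: Alert
    instructions: Tuple[str, ...]


_msg_ids = itertools.count(1)


class Device:
    def __init__(self, name: str):
        self.name = name
        self.seen_ids: Set[int] = set()
        self.applied: List[str] = []

    def handle(self, msg: DosMessage) -> bool:
        """Steps 350-360: apply the message's instructions exactly once."""
        if msg.msg_id in self.seen_ids:
            return False
        self.seen_ids.add(msg.msg_id)
        self.applied.extend(msg.instructions)
        return True


class ControlDevice(Device):
    """The control device (device 11) running the DOS alert process."""

    def __init__(self, name: str):
        super().__init__(name)
        self.subscribers: List[Device] = []
        self.posted: List[DosMessage] = []   # the "known location" others poll

    def register(self, dev: Device) -> None:
        self.subscribers.append(dev)

    def dos_alert_process(self, alert: Alert) -> DosMessage:
        """Steps 320-340: receive the alert, build the DOS message, distribute it."""
        msg = DosMessage(next(_msg_ids), alert, ACTIONS_BY_LEVEL[alert.probability])
        self.handle(msg)                      # control device shields itself too
        for dev in self.subscribers:          # viral push to registered devices
            dev.handle(msg)
        self.posted.append(msg)               # and post for non-subscribers
        return msg


def poll_known_location(control: ControlDevice, seen: Set[int]) -> List[DosMessage]:
    """Polling path for systems that are not subscribed."""
    return [m for m in control.posted if m.msg_id not in seen]


def run_demo():
    control = ControlDevice("device11")
    others = [Device(n) for n in ("device22", "device33", "device44")]
    for d in others:
        control.register(d)
    # Constructed sample: 600 punts/s against a 50/s baseline (12x).
    level = classify_punt_rate(600, 50)
    alert = Alert("traffic_analyzer", level, "punt rate 12x baseline")
    msg = control.dos_alert_process(alert)
    # device22 also polls the known location and sees the same message again.
    dup = [others[0].handle(m) for m in poll_known_location(control, set())]
    return control, others, msg, dup
```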
Claims (20)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US13/662,023 US8925084B2 (en) | 2012-10-26 | 2012-10-26 | Denial-of-service attack protection |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US13/662,023 US8925084B2 (en) | 2012-10-26 | 2012-10-26 | Denial-of-service attack protection |
Publications (2)
Publication Number | Publication Date |
---|---|
US20140123278A1 true US20140123278A1 (en) | 2014-05-01 |
US8925084B2 US8925084B2 (en) | 2014-12-30 |
Family
ID=50548788
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US13/662,023 Active 2033-03-20 US8925084B2 (en) | 2012-10-26 | 2012-10-26 | Denial-of-service attack protection |
Country Status (1)
Country | Link |
---|---|
US (1) | US8925084B2 (en) |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20130347116A1 (en) * | 2012-06-26 | 2013-12-26 | Zuclu Research, LLC | Threat evaluation system and method |
US9571377B2 (en) | 2014-12-11 | 2017-02-14 | Oracle International Corporation | Dynamic denial of service protection |
US9888034B2 (en) | 2014-12-24 | 2018-02-06 | Oracle International Corporation | Pluggable API firewall filter |
US11153338B2 (en) * | 2019-06-03 | 2021-10-19 | International Business Machines Corporation | Preventing network attacks |
US11811642B2 (en) | 2018-07-27 | 2023-11-07 | GoTenna, Inc. | Vine™: zero-control routing using data packet inspection for wireless mesh networks |
US11831674B2 (en) | 2020-10-16 | 2023-11-28 | Cisco Technology, Inc. | Detecting man-in-the-middle attacks in management component transport protocol network server systems |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9930049B2 (en) | 2015-01-16 | 2018-03-27 | Cisco Technology, Inc. | Method and apparatus for verifying source addresses in a communication network |
Citations (11)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20040004941A1 (en) * | 2002-07-02 | 2004-01-08 | Malan Gerald R. | Apparatus and method for managing a provider network |
US20040093512A1 (en) * | 2002-11-08 | 2004-05-13 | Char Sample | Server resource management, analysis, and intrusion negation |
US20040098618A1 (en) * | 2002-11-14 | 2004-05-20 | Kim Hyun Joo | System and method for defending against distributed denial-of-service attack on active network |
US20060021054A1 (en) * | 2004-07-21 | 2006-01-26 | Microsoft Corporation | Containment of worms |
US7000250B1 (en) * | 2001-07-26 | 2006-02-14 | Mcafee, Inc. | Virtual opened share mode system with virus protection |
US20070016663A1 (en) * | 2005-07-14 | 2007-01-18 | Brian Weis | Approach for managing state information by a group of servers that services a group of clients |
US20070291945A1 (en) * | 2006-06-15 | 2007-12-20 | Che-Ming Chuang | Distributed wireless security system |
US20080162679A1 (en) * | 2006-12-29 | 2008-07-03 | Ebay Inc. | Alerting as to denial of service attacks |
US20090077632A1 (en) * | 2007-09-19 | 2009-03-19 | Robert Carpenter | Proactive network attack demand management |
US20100169975A1 (en) * | 2008-11-17 | 2010-07-01 | Dnsstuff Llc | Systems, methods, and devices for detecting security vulnerabilities in ip networks |
US8561181B1 (en) * | 2008-11-26 | 2013-10-15 | Symantec Corporation | Detecting man-in-the-middle attacks via security transitions |
Family Cites Families (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2003019404A1 (en) | 2001-08-30 | 2003-03-06 | Riverhead Networks Inc. | Protecting against distributed denial of service attacks |
US7424741B1 (en) | 2002-05-20 | 2008-09-09 | Cisco Technology, Inc. | Method and system for prevention of network denial-of-service attacks |
US7979694B2 (en) | 2003-03-03 | 2011-07-12 | Cisco Technology, Inc. | Using TCP to authenticate IP source addresses |
US7409712B1 (en) | 2003-07-16 | 2008-08-05 | Cisco Technology, Inc. | Methods and apparatus for network message traffic redirection |
US7266754B2 (en) | 2003-08-14 | 2007-09-04 | Cisco Technology, Inc. | Detecting network denial of service attacks |
US7587760B1 (en) | 2004-07-26 | 2009-09-08 | Cisco Technology, Inc. | System and methods for preventing denial of service attacks |
US7725934B2 (en) | 2004-12-07 | 2010-05-25 | Cisco Technology, Inc. | Network and application attack protection based on application layer message inspection |
US8156557B2 (en) | 2007-01-04 | 2012-04-10 | Cisco Technology, Inc. | Protection against reflection distributed denial of service attacks |
US8312541B2 (en) | 2007-07-17 | 2012-11-13 | Cisco Technology, Inc. | Detecting neighbor discovery denial of service attacks against a router |
- 2012-10-26 US US13/662,023 patent/US8925084B2/en Active
Cited By (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20130347116A1 (en) * | 2012-06-26 | 2013-12-26 | Zuclu Research, LLC | Threat evaluation system and method |
US9774616B2 (en) * | 2012-06-26 | 2017-09-26 | Oppleo Security, Inc. | Threat evaluation system and method |
US9571377B2 (en) | 2014-12-11 | 2017-02-14 | Oracle International Corporation | Dynamic denial of service protection |
US9888034B2 (en) | 2014-12-24 | 2018-02-06 | Oracle International Corporation | Pluggable API firewall filter |
US11811642B2 (en) | 2018-07-27 | 2023-11-07 | GoTenna, Inc. | Vine™: zero-control routing using data packet inspection for wireless mesh networks |
US11153338B2 (en) * | 2019-06-03 | 2021-10-19 | International Business Machines Corporation | Preventing network attacks |
US11831674B2 (en) | 2020-10-16 | 2023-11-28 | Cisco Technology, Inc. | Detecting man-in-the-middle attacks in management component transport protocol network server systems |
Also Published As
Publication number | Publication date |
---|---|
US8925084B2 (en) | 2014-12-30 |
Similar Documents
Publication | Title | Publication Date |
---|---|---|
US8925084B2 (en) | Denial-of-service attack protection | |
US11102233B2 (en) | Detection of vulnerable devices in wireless networks | |
US20190141015A1 (en) | Cloud-based multi-function firewall and zero trust private virtual network | |
EP3090582B1 (en) | System and method for security and quality assessment of wireless access points | |
US9680870B2 (en) | Software-defined networking gateway | |
US9198118B2 (en) | Rogue wireless access point detection | |
US9906527B2 (en) | Device blocking tool | |
US9467459B2 (en) | System and method for detection of rogue routers in a computing network | |
US20150040194A1 (en) | Monitoring of smart mobile devices in the wireless access networks | |
US9185121B2 (en) | Detecting malicious circumvention of virtual private network | |
WO2016172055A1 (en) | Network security analysis for smart appliances | |
US20190281085A1 (en) | Dynamic device isolation in a network | |
US9553891B1 (en) | Device blocking tool | |
US9258213B2 (en) | Detecting and mitigating forwarding loops in stateful network devices | |
US20060203736A1 (en) | Real-time mobile user network operations center | |
US20140165143A1 (en) | Method and a program for controlling communication of target apparatus | |
US11140200B1 (en) | Distributing a network policy using connectivity fault management | |
Burns et al. | A novel traceroute-based detection scheme for wi-fi evil twin attacks | |
CN108289044B (en) | Data forwarding method, link state method for determining static route and network equipment | |
EP3286650A1 (en) | Network security analysis for smart appliances | |
US20190349334A1 (en) | Wifiwall | |
WO2022078338A1 (en) | Path determination method and apparatus, and computer storage medium | |
US9628480B2 (en) | Device blocking tool | |
US20190394143A1 (en) | Forwarding data based on data patterns | |
WO2023052005A1 (en) | Methods and systems of operating software-defined networks |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| AS | Assignment | Owner name: CISCO TECHNOLOGY, INC., CALIFORNIA. Free format text: ASSIGNMENT OF ASSIGNORS INTEREST; ASSIGNORS: THUBERT, PASCAL; LEVY-ABEGNOLI, ERIC; RIBIERE, VINCENT J.; REEL/FRAME: 029201/0664. Effective date: 20121026 |
| STCF | Information on status: patent grant | Free format text: PATENTED CASE |
| MAFP | Maintenance fee payment | Free format text: PAYMENT OF MAINTENANCE FEE, 4TH YEAR, LARGE ENTITY (ORIGINAL EVENT CODE: M1551). Year of fee payment: 4 |
| MAFP | Maintenance fee payment | Free format text: PAYMENT OF MAINTENANCE FEE, 8TH YEAR, LARGE ENTITY (ORIGINAL EVENT CODE: M1552); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY. Year of fee payment: 8 |